Entities that must comply with HIPAA-AS regulations, or "covered entities," include:

Payers (insurers)

Clearinghouses

Health care practitioners and facilities

Health plans

Indirectly, all business associates or business partners of those entities listed above. A business associate is an individual or an entity that provides services or assists the covered entity in activities related to treatment, payment or health care operation. Contracts between covered entities and business associates must have provisions addressing restrictions on the business associate's use and disclosure of health information.